I’ve been sent this article about privacy on Lemmy and I would like to have more opinions about it.
I come from the Matrix world where there is no history deletion neither but at least everything is encrypted.
Can we hope anything about privacy on Lemmy ?
Especially with all the attention it’s getting right now.
“Arguably worse for privacy than Reddit”
This poster clearly has some sort of vendetta against Lemmy and/or its creators with the comments on politics, etc.
Reddit takes your activity and packages/sells your data to advertisers. Lemmy does not. To say Lemmy is worse than Reddit for privacy is just not true.
I’d take that post with a hefty grain of salt.
This poster clearly has some sort of vendetta against Lemmy and/or its creators with the comments on politics, etc.
It does https://join-lemmy.org/news/2023-06-17_-_Update_from_Lemmy_after_the_Reddit_blackout
Not taking sides, but saying that is worse than Reddit is more a vendeta than something else
Just like on reddit, treat everything here as public. Do not post things that you want to be private to either site; this goes for literally any website you don’t own.
deleted by creator
Any claims made about privacy on a social media site, especially ones run by private companies or individuals, should be met with extreme skepticism. The reality of privacy on the internet is that it is not something you can get by picking a different service, it is something you must constantly maintain with vigilance and an up to date understanding of infosec practices.
Privacy enthusiast and software developer here. I would not consider that post an “article”. It is an alarmist mess.
Point 3 is so vague as to be useless, and its link doesn’t clarify at all, so I won’t try to address it.
To points 1, 2, & 4:
As far as I can tell, Lemmy does in fact federate deletes. If those deletes are not being honored, then the problem lies not in the Lemmy network, but in one implementation of it, which can be fixed.
If Lemmy’s code is hiding posts instead of deleting them, you could submit a change request to address it. Chances are there’s another way to accomplish whatever goal is behind the current behavior.
You could also write (if you’re a developer) or sponsor (if you aren’t) an alternative implementation. Make yours fully and immediately delete, and make it otherwise good, and it could become the dominant software for running Lemmy instances.
If your concern is with the Lemmy developers’ ethical positions, you wouldn’t be the first, but distancing yourself from them doesn’t require abandoning the network. You can simply use an alternative implementation (e.g. Kbin) or join communities that aren’t hosted on lemmy.ml. That’s one of the great benefits of the network: no single person or server controls it.
I strongly believe that public discourse is healthier on decentralized communication services. For link sharing and conversation, I don’t know of another platform that comes close to Lemmy’s chances of success. It has flaws, but nothing that can’t be fixed over time. And we need one now. The important thing is to get people using it; build the communities. That will make the time investment required to improve it worthwhile.
Regarding privacy:
Let’s try to remember that it is not possible to revoke something that has been made public, on any platform. Bots exist. Caches exist. Web crawlers. Intelligence agencies. Archives. Screen shots. Backups. The closest we can come is to encourage people on the network to honor deletes, and hope the remaining copies don’t turn up at an embarrassing moment.
And as always (even before the internet), it’s probably a good idea to think about our words before publishing them to the public.
It reads like someone has just discovered that if you toss out public data on the public internet via federation it becomes public and out of your direct control.
That’s how all federated services basically work: once it is relayed to someone else’s server, there’s essentially nothing you can do to force deletion.
Easy example: if you send me an email, but delete it from your sent messages, did you delete the message I got?
Privacy is tricky. I’ve seen complaints that anything you post stays forever. But honestly, is that what you consider private?
Do you think it’s more private to make and delete posts than to just use a VPN and an anonymous account? Having the ability to delete posts doesn’t help your privacy at all. At least there’s no advertisers being sold all our data.
And the chat thing really needs fixed. But for quick one-off messages, it’s fine. Maybe just too exchange secured accounts
Since Lemmy is free software, can someone just fork it and change it to be more privacy-focused?
It can, but without E2EE nothing is private. You can be sure that stays encrypted and only the other person is able to read it.
They can; but remember you are posting public information on a public forum. The privacy features are all about what you type or don’t type. Never type private information into a public forum.
deleted by creator
deleted by creator